pdeliot 10 Posted March 9, 2018 Posted March 9, 2018 Hi, Since few versions, Emby is refusing to save the “External Connections - Force HTTPS” if no certificate is provided. This is very blocking for me. This is preventing clients to connect to the server from an external connection. I cannot use any client from an external network anymore... HTTPS web site connection working well from the outside. I manage certificate and HTTPS outside of Emby. Then I need Emby to expose the HTTPS connection URL for the external. but I do not want Emby to deal with any certificate. How can I force the option without providing certificate? Pascal
mastrmind11 722 Posted March 9, 2018 Posted March 9, 2018 Hi, Since few versions, Emby is refusing to save the “External Connections - Force HTTPS” if no certificate is provided. This is very blocking for me. This is preventing clients to connect to the server from an external connection. I cannot use any client from an external network anymore... HTTPS web site connection working well from the outside. I manage certificate and HTTPS outside of Emby. Then I need Emby to expose the HTTPS connection URL for the external. but I do not want Emby to deal with any certificate. How can I force the option without providing certificate? Pascal A reverse proxy.
pdeliot 10 Posted March 9, 2018 Author Posted March 9, 2018 I’m using a reverse proxy… It is responsible for HTTS handling and then forwarding to the Emby server the requests using HTTP. This is working well except that the new version of Emby is preventing me to expose the HTTPS URL for external networks… Then Emby clients (on external networks) are referring HTTP URL and are then unable to connect ☹
Jdiesel 1431 Posted March 9, 2018 Posted March 9, 2018 What happens if you manually edit the system.xml in your Emby server install folder? Do the settings stick?
pdeliot 10 Posted March 9, 2018 Author Posted March 9, 2018 (edited) I would try, but honestly I do not know wich parameter to change... Edited March 9, 2018 by pdeliot
pdeliot 10 Posted March 16, 2018 Author Posted March 16, 2018 The key point is to find a way to change manually the external URL…
pdeliot 10 Posted March 16, 2018 Author Posted March 16, 2018 (edited) That's the wan field under advanced. I do not find this filed anymore… I can see an “external domain”... but no more “wan” entry… I may need a new pair of glasses Edited March 16, 2018 by pdeliot
pdeliot 10 Posted March 16, 2018 Author Posted March 16, 2018 Sorry thats the one. Even if I put the https:// in head of it (and I think it is wrong...), then the displayed external url is still http://myserver.mydomain.com:80 :-( I need https://myserver.mydomain.com:443
Luke 42083 Posted March 16, 2018 Posted March 16, 2018 All you should enter into that field is just the domain name and that is it. The protocol and ports are handled via the other settings.
pdeliot 10 Posted March 17, 2018 Author Posted March 17, 2018 All you should enter into that field is just the domain name and that is it. The protocol and ports are handled via the other settings. Yes.. But if I set SSL... Emby refuse to save because I have not provided the certificate... And I do not want to provide a certificate! I just want SSL to be exposed in the external URL, like it was functionning in ealiear versions.
Luke 42083 Posted March 17, 2018 Posted March 17, 2018 We'll add that as a setting for the next release, thanks. 1
pdeliot 10 Posted March 17, 2018 Author Posted March 17, 2018 We'll add that as a setting for the next release, thanks. Great news! Thanks!
Cheeseburger 8 Posted March 17, 2018 Posted March 17, 2018 To simplify for your users you can make your reverse proxy redirect requests for http to https. In Nginx it's really simple and I assume it works similarly in other reverse proxies. I have forwarded both port 80 and 443 to the server running Nginx, and in the Nginx conf there are two server blocks, one serving Emby and the other one just telling clients to reach the SSL one. The 301 redirect is remembered by the browser so it is only used once per client and session. server { listen 192.168.1.50:80 default_server; server_name _; return 301 https://$host$request_uri; } and then the real one: server { listen 192.168.1.50:443 ssl http2; server_name site.domain.com; (...) Now regardless of whether someone tries http:// or https:// they always end up with the secured connection and users don't need to bother typing https://.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now